Overview

overview

10

Static

static

10

魔兽挂机.exe

windows7-x64

7

魔兽挂机.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2023 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    魔兽挂机.exe

  • Size

    4.4MB

  • MD5

    c4c97347c69e200ec15168389130c139

  • SHA1

    b84fc07fa1d42a9e696d37e59b6f42e9c0358947

  • SHA256

    bc19c88cfe03198a743e9f2fb4ac39f2906b62b89a74e0f0dda1e348c82892e6

  • SHA512

    5e6bd7832fe0909549fe70242a9f4ff39f37aa811a5a952b16b260ef3ac2ec78dc63d3c87067ac720b5e7dba5242933b493a54b11eafc14be7e4a0a71a446e6a

  • SSDEEP

    49152:OW7l+qVoU5E9DnvkFJ9QRP++z53wJWqW2NC6kpWSc4O:T7lnVoZ9zvkFJ+PETNOplc4O

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\魔兽挂机.exe
    "C:\Users\Admin\AppData\Local\Temp\魔兽挂机.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2440

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini
    Filesize

    84B

    MD5

    dc9060a6ec1dece10082d70f6f4cfea7

    SHA1

    46a42e264943106de11fffa03f9f993fcff747d3

    SHA256

    9b294e5393bb5c7bffd9babfcbd09cff3dcaca1be166ff1ae420e7f8ccae6ca2

    SHA512

    855325631536aa6f45b0db5107b54e8232368de0af37849b6c8b9b8e68683674d44aa9c020f3a95b10e080eb59118bfc539ba5172432e34322ea84412ec576fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ2.ini
    Filesize

    70B

    MD5

    c73af966fb6f46ee52eedb6a223ad1ce

    SHA1

    42e89f295291896588a5cf317f06a482705914dd

    SHA256

    57c2cc21bd5c356b860c082d5516dd95af87f285065c87fc691933be103d238d

    SHA512

    8a3089e91b2b12686950b3c283db23d121f6cdc65dd545dc7cc3efe80a447d25d884a2849bce264ee86dae0443205ddd78843c875a6ecfee33b4e4c05c4ebbda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ3.ini
    Filesize

    155B

    MD5

    fb6391079a3d6568cc65acd28b05ea27

    SHA1

    69793879d772f84fb0c4648d933611e8ef1394ab

    SHA256

    e19b5a11a96030d89d9c3e58978f5ed6825a0f2ba9f7cd82f623d8e76ad44be7

    SHA512

    0913d211adc9ccaeeaa40160625619014085b70063618109f09644e58cde39e2425d98822ace677fd5e2fc5d3336b24eef3fcb9aa480c0ec86c8ef8e80cd117e

    Download Submit

  • memory/2440-79-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-83-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-61-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-63-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-65-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-67-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-69-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-71-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-73-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-75-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-77-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-54-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2440-81-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-56-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-85-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-87-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-89-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-91-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-93-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-95-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-97-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-99-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-58-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-59-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-143-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2440-144-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2440-57-0x00000000003C0000-0x00000000003FE000-memory.dmp

    Filesize

    248KB

    Download